From: Christian Ebner <c.ebner@proxmox.com>
Date: Mon, 2 Dec 2019 15:55:57 +0000 (+0100)
Subject: rules: allow connections on port range 60000:60050 in management network for migration
X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;ds=sidebyside;h=94e4ec75ca20f1cbb797ab0442e6400cb9a84672;p=pve-firewall.git

rules: allow connections on port range 60000:60050 in management network for migration

Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
---

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index db16e0f..ae67bcd 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2505,6 +2505,7 @@ sub enable_host_firewall {
     ruleset_addrule($ruleset, $chain, "$mngmntsrc -p tcp --dport 5900:5999", "-j $accept_action");  # PVE VNC Console
     ruleset_addrule($ruleset, $chain, "$mngmntsrc -p tcp --dport 3128", "-j $accept_action");  # SPICE Proxy
     ruleset_addrule($ruleset, $chain, "$mngmntsrc -p tcp --dport 22", "-j $accept_action");  # SSH
+    ruleset_addrule($ruleset, $chain, "$mngmntsrc -p tcp --dport 60000:60050", "-j $accept_action");  # Migration
 
     # corosync inbound rules
     if (defined($corosync_conf)) {